A.3.2.1. Connection tracking

Besides the filter, NAT and mangle tables, one more, invisible table exists. This table is responsible for connection tracking. IPTables is a stateful packet filter, and its statefulness is provided by the connection tracking subsystem, which this table represents.

This table only checks how a packet relates to the connections that have already been examined. It never drops or rejects a packet; it only sets the state information of packets and connections.

This table is registered to the Prerouting and Output hooks with the lowest possible priority, meaning that it receives packets before the mangle table does.
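
The ordering and labelling described above, as an added toy model in Python (not netfilter or IPTables code): callbacks on a hook run in ascending priority order, and the tracker only sets a state on each packet. The priority numbers are the Linux kernel's values for conntrack and mangle, NEW and ESTABLISHED are the state names used by the iptables state match, and the addresses, ports and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Hook priorities as in Linux's netfilter_ipv4.h; a lower value runs earlier.
PRI_CONNTRACK, PRI_MANGLE = -200, -150

@dataclass
class Packet:
    src: tuple            # (address, port)
    dst: tuple
    state: str = ""       # set by the tracking pass only

class Conntrack:
    """Labels packets against known connections; never issues a verdict."""
    def __init__(self):
        self.replied = {}  # (src, dst) of the first packet -> reply seen?

    def __call__(self, pkt, trace):
        fwd, rev = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if rev in self.replied:            # reply to a tracked connection
            self.replied[rev] = True
            pkt.state = "ESTABLISHED"
        elif self.replied.get(fwd):        # original direction, reply seen
            pkt.state = "ESTABLISHED"
        else:                              # no reply seen yet
            self.replied.setdefault(fwd, False)
            pkt.state = "NEW"
        trace.append(("conntrack", pkt.state))

def mangle(pkt, trace):
    trace.append(("mangle", pkt.state))    # state is already set here

def traverse(hook, pkt):
    """Run a hook's (priority, callback) pairs in ascending priority order."""
    trace = []
    for _, fn in sorted(hook, key=lambda c: c[0]):
        fn(pkt, trace)
    return trace

def demo():
    ct = Conntrack()                       # one tracker shared by both hooks
    # mangle is listed first on purpose: priority, not order, decides.
    prerouting = [(PRI_MANGLE, mangle), (PRI_CONNTRACK, ct)]
    output = [(PRI_MANGLE, mangle), (PRI_CONNTRACK, ct)]
    # Constructed sample traffic: local client talking to a remote server.
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 443)
    return [traverse(output, Packet(client, server)),
            traverse(prerouting, Packet(server, client)),
            traverse(output, Packet(client, server))]
```

Calling `demo()` returns one trace per packet; in each trace the conntrack entry precedes the mangle entry, and the mangle entry already carries the state that the tracker assigned.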